Forum Discussion
outlook 2010 and 2013 continually asks for password in hybrid environment
pazzoide76 So it all came down to MFA via Security Defaults? That's not the first time I've heard it as I now recall another conversation with a similar issue, not identical, where I actually suggested that. It didn't struck me as a solution this time and I can only blame my six weeks vacation..
harveer singh Good job!
pazzoide76 Please mark the above reply with the solution as "Best response" for future reference.
The registry entry article I shared was specifically for Outlook 2013 and not for Outlook 2010, hope you have tested on a Outlook 2013 machine.
Run below command for your tenant and check the status of OAuth :-
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
Yes, I tried the registry key obviously with outlook 2013.
This weekend I reproduced an identical environment in the laboratory (which works with outlook 2010 and 2013)
The difference is that in the environment that does not work is that I have enabled https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help?redirectedfrom= MSDN it as HCW reported this warning:
warning HCW8064 The HCW has completed, but was not able to perform the OAuth portion of your Hybrid configuration. If you need features that rely on OAuth, you can try running the HCW again or manually configure OAuth using these manual steps
In the test infrastructure I have not implemented that functionality and both outlook 2010 and 2013 works.
By running the Get-OrganizationConfig | ft name, * OAuth * both on premises and on exchange online I get (the results are the same on both the test environment that works and the environment that doesn't work)
[PS] C:\Windows\system32>Get-OrganizationConfig | ft name, *OAuth*
Name OAuth2ClientProfileEnabled
---- --------------------------
First Organization False
mentre sull’exchange online è abilitata
PS C:\Users\challancin> Get-OrganizationConfig | ft name, *OAuth*
Name OAuth2ClientProfileEnabled
---- --------------------------
migexchange.onmicrosoft.com True
So I'm pretty sure the problem is https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help?redirectedfrom= MSDN
At this point I would like to understand how to disable it but I have not found any article.
I have already tried this article https://docs.microsoft.com/it-it/microsoft-365/enterprise/remove-or-disable-hybrid-modern-authentication-from-skype-for-business-and-excha? view = o365-worldwide without success.
Thanks
Regards
- pazzoide76
Try disabling modern authentication in cloud :-
Set-OrganizationConfig -OAuth2ClientProfileEnabled $False
Give it couple of hours or so, as it is a tenant wide setting it takes time to replicate.
Also Consider upgrading outlook clients as MS has it on its agenda to disable basic authentication in office 365.Thanks for the reply
As previously written, I had already done that test (and it had given a negative result) however I made the change I waited 4 hours but the problem persists.
The weird thing as I wrote earlier that in a mirrored test environment (the only difference is that OAuth authentication between Exchange and Exchange Online organizations has not been enabled)
The speech of updating the Outlook clients is correct however 2010 and 2013 are supported until October and in the test environment they work ....Thank you
Regards
